End-to-end Encrypted Data in Web Applications

MASTER Assignment

END-TO-END ENCRYPTED DATA IN WEB APPLICATIONS

Type : Master M-CS

Period: Apr, 2021 - Nov, 2021

Student : Cesar, M. (Milo, Student M-CS)

Date Final project: Nov 30, 2021

Thesis

Supervisors:

dr.ing. F.W. Hahn (Florian) Assistant Professor

+31534898833

 f.w.hahn@utwente.nl

Building: Zilverling 2025

Personal page

dr. M. Daneva (Maya) Associate Professor

+31534892889

 m.daneva@utwente.nl

Building: Zilverling 2029

Personal page

dr. T. van Dijk MSc (Tom) Assistant Professor

+31534892805

 t.vandijk@utwente.nl

Building: Zilverling 3035

Personal page

Abstract:

End-to-end encryption is often considered to be the holy grail of encryption, at this time, however, it is not a common feature of web applications. This research created a software design for a software system that, when implemented, can make end-to-end encryption obtainable for most web applications. Our software design is created to work in a multi-user environment, it outlines how to create a nested authentication system, how to distribute keys, and how to revoke access. We performed benchmarks on three JavaScript crypto libraries to measure the run-time overhead of such a system. These benchmarks showed us that hundreds of encryption operations can be performed without impacting the user experience. Furthermore, this research shows a design for this software system that allows web application developers to extend their applications with very little effort. This all comes together to form a solid basis from which a system can be implemented that will increase the security and privacy of many web application users, while at the same time staying easy for developers to implement.